Skip to content

Porting From Earlier BC Releases to 1.47 and Later

dghgit edited this page Aug 2, 2020 · 1 revision

1.47 represents another step along to version 2. A substantial rewrite has been done on the ASN.1 library, hopefully to simplify it, but also to make it more efficient and remove a lot of ambiguities (well as many as possible under the circumstances...) There have also been some changes in CMS and the OpenPGP API now allows similar objects to the operators used by 1.46 CMS to relieve the need to do everything via a JCA/JCE provider.

JAR dependencies

  • bcpkix depends on bcprov.
  • bcmail depends on bcpkix and bcprov, as well as JavaMail and the activation api.
  • bcpg depends on bcprov.

The only thing in the bcmail jar is the SMIME implementation for JavaMail. CMS, certificate generation, PKCS 12 file handling, OpenSSL PEM file handling, EAC and TSP are in the bcpkix jar.

ASN.1 Changes

The following classes have changed names:

Old Class New Class
ASN1Object ASN1Primitive
ASN1Encodable ASN1Object
DEREncodable ASN1Encodable
DERObject ASN1Primitive
DERString ASN1String
DERObjectIdentifier ASN1ObjectIdentifier
X509Name X500Name
DERInteger ASN1Integer
DEREnumerated ASN1Enumerated
X509Attributes X509AttributeIdentifiers
X509Extension Extension

The following methods have changed:

Old Method New Method
getDERObject() toASN1Primitive
getDEREncoded() getEncoded(ASN1Encoding.DER)
new CRLReason(int) CRLReason.lookup(int)

DLSet and DLSequence have been added to allow people to distinguish between DER and definite length encoding.

Construction of high level ASN.1 objects from primitive ones should always be done by getInstance() - for example new Attribute(ASN1Sequence) has become Attribute.getInstance(ASN1Sequence).

The getInstance methods can now (generally) take byte[] arrays, so it's possible to say ASN1Sequence.getInstance(byte[]), rather than having to say ASN1Sequence.getInstance(ASN1InputStream(byte[]).readObject()).

CMS Changes

RecipientId can not be instantiated any more, use things like KeyTransRecipientId or JceKeyTransRecipientId as appropriate.

SignerId now requires a specific constructor.

To convert from SignerIds and RecipientIds use the JcaX509CertSelectorConverter class. To convert from X509CertSelectors use the JcaX509SelectorConverter class.

OpenPGP Changes

See the OpenPGP examples package for updates to the new API.

PKCS Changes

PKCS10CertificationRequestHolder has become PKCS10CertificationRequest.

Provider Changes

The provider is now a lot more configurable. The possibly the biggest benefit of this is it is now a lot easier to construct a stripped down version. It does mean the underlying generated types for asymmetric keys have changed though, for example JCEECPrivateKey has become BCECPrivateKey. The change in key types has also allowed us to fix serialisation issues that were starting to show up with systems like JBoss


The lightweight stream classes: MacOutputStream, DigestOutputStream, and SignerOutputStream have changed. To get equivalent functionality to before use TeeOutputStream as well.


Don't forget to donate. Help us keep this project independent and going! Thanks.